ITSec Audit

06/09/2022

Basic principles of information security

Information security must uphold confidentiality, integrity and availability (known as the CIA triad) as the core principles.
a) Confidentiality: prevents the disclosure of information to unauthorised individuals or systems.
b) Integrity: means that data cannot be modified without authorisation.
c) Availability: for any information system to serve its purpose, the information must be available when it is needed.

Other principles such as authenticity, non-repudiation, identification, authorisation, accountability and auditability are also becoming key considerations for practical security implementations.
a) Authenticity: To ensure that the data, transactions, communications or documents (electronic or physical) are genuine, it is important to validate that both parties involved are ‘who they claim they are’.
b) Non-repudiation: Non-repudiation implies one's intention to fulfil one’s obligations under a contract/transaction. It also implies that a party to a transaction cannot deny having received or having sent an electronic record. Electronic commerce uses technology such as digital signatures and encryption to establish authenticity and non-repudiation.
c) Identification: Identification is the process by which a subject claims an identity and accountability is initiated. A subject must provide an identity to a system to start the process of authentication, authorisation and accountability.
d) Authorisation: Once a subject is authenticated, access must be authorised. The process of authorisation ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the authenticated identity. In most cases, the system evaluates an access control matrix that compares the subject, the object, and the intended activity. If the specific action is allowed, the subject is authorised. Otherwise, the subject is not authorised.
e) Accountability and auditability: An organisation’s security policy can be properly enforced only if accountability is maintained, i.e., security can be maintained only if subjects are held accountable for their actions. Effective accountability relies upon the capability to prove a subject’s identity and track their activities.
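
The authorisation and accountability steps above can be sketched as follows; this is an added example, not material from ITSec Audit. The class name, the subjects and objects, and the hash-chained audit trail are assumptions made for the illustration.

```python
import hashlib
import json

# Constructed sample data: subjects, objects and rights are hypothetical.
# Access control matrix: (subject, object) -> permitted activities.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
}
GENESIS = "0" * 64  # "previous digest" of the first audit record


class ReferenceMonitor:
    """Authorises requests against the matrix and logs every decision."""

    def __init__(self, matrix):
        self.matrix = matrix
        self.trail = []  # audit records, each chained to the one before

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "digest"}
        data = json.dumps(body, sort_keys=True).encode()
        return hashlib.sha256(data).hexdigest()

    def authorise(self, subject, obj, activity):
        # `subject` is assumed to be an already authenticated identity.
        # Default deny: a missing matrix cell grants nothing.
        allowed = activity in self.matrix.get((subject, obj), set())
        prev = self.trail[-1]["digest"] if self.trail else GENESIS
        entry = {"seq": len(self.trail), "subject": subject, "object": obj,
                 "activity": activity, "allowed": allowed, "prev": prev}
        entry["digest"] = self._digest(entry)
        self.trail.append(entry)  # denials are recorded too
        return allowed

    def verify_trail(self):
        """True unless a record was edited, reordered or removed mid-chain."""
        prev = GENESIS
        for seq, e in enumerate(self.trail):
            if (e["seq"], e["prev"], e["digest"]) != (seq, prev, self._digest(e)):
                return False
            prev = e["digest"]
        return True

    def activity_of(self, subject):
        """Everything one subject attempted, for accountability reviews."""
        return [(e["object"], e["activity"], e["allowed"])
                for e in self.trail if e["subject"] == subject]
```

An unkeyed hash chain does not detect removal of the newest records, and anyone able to rewrite the whole trail can recompute it, so the latest digest should be stored or signed outside the system being audited.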


Sharing knowledge on "Information Technology Security and Audit".

Address

Phnom Penh
